VYPR
Unrated severity · NVD Advisory · Published Nov 9, 2010 · Updated Apr 29, 2026

CVE-2010-0784

Description

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM WebSphere Application Server 7.0 before 7.0.0.13 includes a cross-site scripting (XSS) vulnerability in the Administrative Console that allows remote attackers to inject arbitrary web script or HTML.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in the Administrative Console of IBM WebSphere Application Server (WAS) 7.0 before version 7.0.0.13 [1][2]. The vulnerability occurs via unspecified vectors in the Administrative Console interface, meaning the specific input fields or parameters that are not properly sanitized have not been publicly detailed. The affected versions are WAS 7.0.0.x prior to 7.0.0.13.

Exploitation

An attacker can exploit this vulnerability by sending crafted input to the Administrative Console, likely via a URL or form field that is not properly sanitized. The vulnerability description does not restrict exploitation to authenticated users, and no authentication is explicitly required, although the Administrative Console may be protected by administrative credentials in default configurations. The attack can be performed remotely over a network.

Impact

Successful exploitation allows an attacker to inject arbitrary web script or HTML into the Administrative Console pages, which can be viewed by other users. This can lead to information disclosure, session hijacking, or manipulation of administrative actions within the context of the victim's session [1]. The impact is within the scope of the browser/application and does not directly provide server-level control.

Mitigation

IBM released WebSphere Application Server V7.0.0.13, which is listed in the fix packs for V7.0 [3]. The APAR PM23872 addresses this and other defects and is included in the fix pack [2]. Administrators should upgrade to WAS 7.0.0.13 or later. No workarounds are described in the available references.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14
    • cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
    • (no CPE) range: 7.0 before 7.0.0.13

Patches

0

No patches discovered yet.

References

8
